Linux.ProxyM is a trojan that targets Linux-based devices that still use default login credentials. It can infect devices running on different architectures such as x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 6800, and SPARC. It was first identified in February 2017 as a proxy server botnet and, by June 2017, it comprised nearly 10,000 devices. Since June, the botnet has shrunk by between 4,500 and 5,000 devices and has begun operating as an email spam botnet. Each infected device sends an average of 400 emails per day.


Technical Details

  • Dr. Web provides technical details on Linux.ProxyM here.